
The Chinese company has had points of presence (PoPs) in North America since the early 2000s.

China Telecom, a Chinese state-owned telecommunications company, has been using its points of presence (PoPs) inside US and Canadian networks to covertly help China’s intelligence agencies conduct espionage operations, experts believe.

PoPs are data centers that redirect traffic between the smaller networks that, in turn, make up the larger Internet. These smaller networks are known as “autonomous systems” (AS) and can belong to big companies like Google, a friendly neighborhood ISP, big tier-1 ISPs like Verizon, or any other large organization or entity that owns a separate block of IP addresses.

Researchers from the US Naval College and Tel Aviv University published a research paper in which they said that China Telecom, the country’s third largest telecom and internet service provider, has been “hijacking the vital internet backbone of western countries”. Notably, the company has had a presence inside North American networks since the early 2000s, when it created its first point of presence (PoP).

Abusing the Border Gateway Protocol (BGP)

According to the researchers, the Chinese government, with the help of China Telecom, was abusing the Border Gateway Protocol (BGP) by hijacking BGP routes. The Chinese telecom aided Beijing’s efforts even after the US and China entered into an agreement, back in September 2015, to stop all government-backed cyberattacks aimed at intellectual property theft.

According to the researchers, Chinese hackers were determined to use some of the networks that hijack BGP routes in order to send legitimate traffic through malicious servers. Using this method, they carried out man-in-the-middle (MiTM) interception of network traffic and phishing attacks to steal passwords or capture HTTPS traffic. The captured traffic was later decrypted and used as part of cryptographic attacks such as DROWN or Logjam.

Tracking down long-lived BGP hijacks

The researchers said that they tracked long-lived BGP hijacks down to ten PoPs, eight of which were located in the US and two in Canada.

"Using these numerous PoPs, [China Telecom] has already relatively seamlessly hijacked the domestic US and cross-US traffic and redirected it to China over days, weeks, and months," the researchers added.

Considering the widespread use of BGP, "one may argue such attacks can always be explained by 'normal' BGP behavior, these, in particular, suggest malicious intent, precisely because of their unusual transit characteristics - namely the lengthened routes and the abnormal durations," said the researchers.
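The two signals named in that quote, lengthened routes and abnormal durations, can be checked against route-collector data. The following is an added example, not code from the researchers' paper or the original article; the ASNs, prefixes, thresholds and function names are constructed for illustration.

```python
from datetime import datetime, timedelta
from itertools import groupby

# Constructed baseline: the AS path normally seen for each prefix.
BASELINE = {"192.0.2.0/24": [64496, 64497, 64500],
            "198.51.100.0/24": [64496, 64498, 64501]}

# Constructed collector observations: (UTC time, prefix, AS path). Each path
# is assumed to stay in effect until the next observation for that prefix.
OBSERVATIONS = [
    ("2016-02-01T00:00", "192.0.2.0/24", [64496, 64497, 64500]),
    ("2016-02-03T06:00", "192.0.2.0/24", [64496, 64510, 64511, 64497, 64500]),
    ("2016-02-20T12:00", "192.0.2.0/24", [64496, 64510, 64511, 64497, 64500]),
    ("2016-03-15T00:00", "192.0.2.0/24", [64496, 64497, 64500]),
    # Prepending only: a longer path, but no new transit AS.
    ("2016-02-05T00:00", "198.51.100.0/24", [64496, 64498, 64498, 64498, 64501]),
    # Short-lived detour that is withdrawn after three hours.
    ("2016-02-10T00:00", "198.51.100.0/24", [64496, 64510, 64498, 64501]),
    ("2016-02-10T03:00", "198.51.100.0/24", [64496, 64498, 64501]),
]

def collapse(path):
    """Remove AS-path prepending (consecutive repeats of one ASN)."""
    return [asn for asn, _ in groupby(path)]

def long_lived_detours(observations, baseline, min_extra_hops=1,
                       min_duration=timedelta(days=1)):
    """Return (prefix, start, end, unexpected ASNs) per detour episode that is
    longer than the baseline path and lasts at least min_duration."""
    events = sorted((datetime.fromisoformat(t), p, collapse(path))
                    for t, p, path in observations)
    open_episode, findings = {}, []
    for when, prefix, path in events:
        expected = collapse(baseline[prefix])
        extra = set(path) - set(expected)
        if extra and len(path) - len(expected) >= min_extra_hops:
            start, seen = open_episode.get(prefix, (when, set()))
            open_episode[prefix] = (start, seen | extra)
        elif prefix in open_episode:
            start, seen = open_episode.pop(prefix)
            if when - start >= min_duration:
                findings.append((prefix, start, when, sorted(seen)))
    # Detours still in place at the last observation are measured up to it.
    for prefix, (start, seen) in open_episode.items():
        if events[-1][0] - start >= min_duration:
            findings.append((prefix, start, events[-1][0], sorted(seen)))
    return findings

if __name__ == "__main__":
    print(long_lived_detours(OBSERVATIONS, BASELINE))
```

On the constructed data, only the weeks-long detour is reported; the prepended path and the three-hour detour are not.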

List of long-lived BGP hijacks

Below is a list of long-lived BGP hijacks that abused the traffic of a specific network:

The hijacking of routes from Canada to South Korean government sites from the beginning of February 2016 - an attack that lasted for about six months.

The hijacking of multiple locations in the US, including the headquarters of an Anglo-American bank in Milan, Italy, in October 2016.

The April and May 2017 hijacking of traffic between Scandinavia and Japan, targeting a major US news organization.

Persistent hijacking attempts

The internet network system used by China is more rigid and largely closed off. It is connected using only three nodes, located in Beijing, Shanghai and Hong Kong. This also leaves China restricted to international internet traffic, except through the PoPs set up in North America, Europe and some parts of Asia.

"This imbalance in access allows for malicious behavior by China through China Telecom at a time and place of its choosing while denying the same to the US and its allies,” the researchers noted.
